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[Abstract] 

25 The present invention relates to an apparatus and method for effective prevention of illegal 

copy of digital contents provided to clients. In the invention an authentication server generates a 
service subscription key based on user information from a client who accessed through a network 
and information about a digital content service server, and a user access key for decrypting a digital 
content file that is encrypted with system information of a client's terminal. The digital content 

30 service server generates a file encryption key through a multi-stage encryption of the service 
subscription key to encrypt a digital content file and provides it to a client. The client generates a 
file decryption key through the multi-stage encryption and decryption of the user access key to 
decrypt the encrypted digital content file. In addition, the present invention adopts the twofish 
algorithm for generating the service subscription key, the file encryption key and the file decryption 

35 key. 



Representative Figure: Fig. 1 
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Specification 

Brief Description of Drawings 

5 Fig, 1 is a schematic block diagram of an apparatus for preventing illegal copy of digital contents in 
accordance with the present invention. 

Fig. 2 is a schematic view of the service subscription flow for a client. 
Fig. 3 is a schematic view of a twofish block encryptor. 
Fig. 4 is a schematic view of the service subscription cancellation for a client. 
10 Fig. 5 is a schematic view of the digital content file receiving flow for a client. 

Fig. 6 is a drawing showing a header configuration of an encrypted digital content file. 

Fig. 7 is a flow chart for performing the digital content copy pretention in accordance with the 

present invention. 

Fig. 8 is a flow chart for performing the generation of a file encryption key for digital content file 
1 5 encryption. 

Fig. 9 is a flow chart for performing the generation of user access information with an 
authentication server. 

Fig. 10 is a flow chart for performing the decryption of a digital content file in accordance with the 
present invention. 

20 

<Description of Reference Numerals for Main Parts of the Drawings> 
100: authentication server 
102: digital content service server 
104: client 
25 106: client information database 

108: digital content information database 
110: authentication information database 



30 Detailed Description of the Invention 
Objective(s) of the Invention 

Technical Field of the Invention and Related art 

35 The present invention relates to an apparatus and method for preventing illegal copy of digital 
contents, more specifically, to an apparatus and method for preventing illegal copy of digital 
contents to effectively prevent illegal copy of digital contents provided to clients. 

The modernizers are flooded with information that comes through all kinds of media such as 
40 broadcasts, publications, and the like. There are now information providers who intend to 
integrate the information provided through all kinds of media and provide it at once, and there are 
users who want to selectively get only desired contents out of digital contents that are provided by 
the information providers. 

45 Accordingly, there came digital content transmission systems composed of information providers 
who convert all kinds of information into digital contents and store the digital contents to provide 
them to individual users, and users who get digital contents from the information providers through 
a network. 

50 Such a digital content transmission system provides users with an application program through 
which anyone can easily download digital contents. 
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In addition, a user who is accessed to such a digital content transmission system via a network can 
get all information he (she) desires through the downloaded application program. 

5 Those digital contents from the digital content transmission systems are provided with or without 
charge to users. 

Digital content transmission systems set service fee for a charged digital content. 
When a user receives a digital content with service fee set therefor, a service server adds up service 
10 fees according to the user's information use volume and charges it to the user. 

However, when users access to a system that provides digital contents commercially using a 
network and receive a digital content they should pay for, most of them give away the charged 
digital content as a crack to others without permission. 

15 

Besides, although damages on providers because of the use of copies of digital contents are serious, 
it is not possible to completely prevent them. 

Technical Task to be Achieved by the Invention 

20 

Therefore, the present invention is devised to solve general problems of the related art, by providing 
an apparatus and method for preventing copy of digital contents to encrypt digital content files with 
a file encryption key that is generated through multi-encryption. 

25 Also, another object of the present invention is to provide an apparatus and method for preventing 
copy of digital contents to generate a user access key used for decrypting an encrypted digital 
content file based on system information of a client terminal. 

Construction and Operation of the Invention 

To achieve the above described objects, an authentication server of the present invention generates a 
service subscription key based on user information from a client who accessed through a network 
and information about a digital content service server, and a user access key for decrypting a digital 
content file that is encrypted with system information of a client's terminal. 

A digital content service server generates a file encryption key through a multi-stage encryption of 
the service subscription key to encrypt a digital content file and provides it to a client. 

In addition, a client generates a file decryption key through the multi-stage encryption and 
40 decryption of the user access key to decrypt the encrypted digital content file. 

Also, the present invention uses the twofish algorithm for generating the service subscription key, 
the file encryption key and the file decryption key. 

45 Hereinafter, a preferred embodiment of an apparatus and method for preventing illegal copy of 
digital contents according to the present invention will be explained in detail. 

Fig, 1 is a schematic block diagram of an apparatus for preventing illegal copy of digital contents in 
accordance with the present invention, Fig. 2 is a schematic view of the service subscription flow 
50 for a client, and Fig. 3 is a schematic view of a twofish block encryptor. 
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Fig. 4 is a schematic view of the service subscription cancellation for a client, Fig, 5 is a 
schematic view of the digital content file receiving flow for a client, and Fig. 6 is a drawing 
showing a header configuration of an encrypted digital content file. 

5 As shown in Fig. 1, the present invention is configured by including an authentication server (100), 
a digital content service server (102), a client (104), a client information database (106), a digital 
content information database (108) and an authentication information database (110). 

Here, the authentication server (100) is configured to generate a seed key (Cap ID) for encryption of 
10 a digital content file provided through the digital content service server (102) and for generation of 
file use access information for the client (104). 

Here, the seed key (Cap ID) is a service subscription key for receiving digital content information, 
or receiving service to decrypt an encrypted digital content. 

Also, for decryption of an encrypted digital content file, the authentication server (100) is 
configured to encrypt the seed key (Cap ID) and system information of the client (104) by a 
predetermined encryption algorithm, thereby generating a digital content file use access key 
(hereinafter, referred to as a token), and to transmit the generated token to the client (104). 

Here, the system information of the client (104) for token generation is composed of CPU size, 
count number and page size information of hard disks and so on. Moreover, the encryption 
algorithm adopted for token generation is the twofish algorithm. 

25 The digital content service server (102) is configured to generate a file encryption key (FKeyl) 
through four-stage encryption of the seed key (Cap ID) that is transmitted from the authentication 
server (100) using the twofish algorithm. 

The client (104) is configured to store the transmitted token from the authentication server (100) in 
30 a registry which is a storage region inside a terminal and to decrypt an encrypted digital content file 
by generating a file decryption key (FKey2) corresponding to the file encryption key (FKeyl) 
through encryption and decryption in accordance with the token and the encrypted digital content 
file header information that is downloaded from the digital content service server (102). 

35 Here, the present invention uses the twofish algorithm for key-encryption/decryption during the 
generation of the file encryption key (FKeyl). 

The client information database (106) is configured to store user information of the client (104) and 
a corresponding seed key (Cap ID), and the digital content information database (108) is configured 
40 to store digital content information that is classified depending on the file ID. 

Furthermore, the authentication information database (110) is configured to store a relevant service 
subscription key of the client (104), that is, seed key (Cap ID). 

45 Operations of the thusly configured digital content copy prevention apparatus according to the 
present invention are now explained as follows, with reference to accompanied drawings. 

First, service subscription procedure of the client (104) for receiving a digital content file from the 
digital content service server (102) is explained with reference to Fig. 2. 

50 

The client (104) downloads a digital content run program to run a digital content file that is 
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transmitted from the digital content service server (102) and installs the digital content run 
program by executing the downloaded run program. 

At this time, it is obvious that not only can downloading of the digital content run program be 
5 executed as part of the service subscription procedure, but the program can be downloaded prior to 
the service subscription. 

Here, the digital content run program includes an MP3 player, a media player, or a real player, etc. 

10 Next, the client (104) accesses to the digital content service server (102) through internet 
connection, for example, a network, inputs user information (S200) and requests service 
subscription (S202). 

Here, user information includes at least name of the client (104), ID, password and resident 
1 5 registration number. 

The digital content service server (102) stores, in the client information database (106), the user 
information inputted from the client (104), and requests authentication user registration by 
transmitting the resident registration number, the client's name (or ID) or the password and a digital 
20 content service server number (SP_NO) to the authentication server (100) (S204). 

Here, the digital content service server number (SPJSTO) is information for distinguishing in case 
there are plural digital content service servers networked to the authentication server (100). 

25 The authentication server (100) generates a seed key (Cap ID) for authentication user registration 
requested from the digital content service server (102). 

That is 5 the authentication server (100) performs encryption, as shown in Eq. 1, of the service 
providing server number (SP_NO), the resident registration number and the client's name that are 
30 transmitted from the digital content service server (102) with a first setup key (auLKey) in 
accordance with the twofish algorithm, and generates a seed key (Cap ID) (S206), 

Here, a predetermined programmed key value may be set as the first setup key (auLKey). 

35 Eq. 1 

Cap_ID = E auL Ke y [SP_NO(4) || resident registration number (13) || client's name (30)] 

wherein, the numerals in round brackets stand for byte unit, the predetermined key value (auLKey) 
is a predetermined value given by a programmer for encryption, and E is the abbreviation for 
40 Encryption. 

Here, the twofish algorithm is an algorithm adopted from ASE (Advanced Encryption Standard) 
published by NIST under United States Department of Commerce for replacement of data 
encryption standards. 

45 

The twofish algorithm is a 128-bit symmetrical block encryptor, has a variety of key lengths such as 
128 bits, 192 bits, 256 bits and the like, and is efficient for diverse software and hardware platforms. 

In addition, a twofish block encryptor as shown in Fig. 3 has a 16-round feistel network 
50 configuration along with a bijective function f, and includes an additional whitening section at its 
input/output unit 
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Here, the feistel network is configured by including plural S-boxes, MDS matrix and PHT. 

A cipher text generation procedure by the twofish block encryptor with the above-described 
5 configuration is now explained roughly. 

An original text consists of 4r 32-bit words and performs a XOR operation with these four key 
words in the input whitening step. Later, 16 rounds are performed sequentially, and in each round 
two keys on the left side are used as an input for the function g, the most crucial part of the twofish. 

10 

The function g is composed of four byte wide keys and four key independent S-boxes, and a linear 
mixing step based on the MDS matrix is carried out. Results of the two functions g are combined 
using PHT, and two key words are added. 

15 These two results become an XOR to be a XOR with words on the right side (first, one of them 
rotates to the left by 1 bit, and the other rotates later to the right). 

Next, for the next processing phase half of the left side and half of the right side are changed, and in 
the final processing phase at the end of all processing phases the change becomes opposite. 

20 

And, four words are subject to the XOR with more than four words to generate a cipher text. 
The authentication server (100) generates a user authentication registration complete message 
(S208) and transmits, to the digital content service server (102), a seed key (Cap ID) generated by 
the twofish algorithm that performs the operations described above and the message (S210). 

25 

The digital content service server (102) stores the seed key (Cap ID) from the authentication server 
(100) in the client information database (106) (S212), generates a service subscription complete 
message (S214) and transmits it to the client (104) (S216) . 

30 Next, the process in response to a service subscription cancellation request from the client (104) is 
explained, with reference to Fig. 4. 

First, the client (104) inputs user information, namely, resident registration number and password 
(S400) and transmits a service subscription request signal to the digital content service server (102) 
35 (S402). 

The digital content service server (102) compares the resident registration number and password 
from the client (104) with client information stored in the client information database (106) to 
decide if the client (104) is a service subscriber (S404). 

40 

If the client (104) is a service subscriber, the digital content service server (102) searches a seed key 
(Cap ID) of the client (104), and transmits the digital content service server number (SP_NO), the 
resident registration number and the seed key (Cap ID) to the authentication server (100), thereby 
requesting (S408) the cancellation of user authentication (S406), 

45 

The authentication server (100) searches the authentication information database (110) in 
accordance with a user authentication cancellation request signal from the digital content service 
server (102) and decides if the client (104) is an authenticated user (S410). 

50 If the client (104) is an authenticated user, the authentication server(100) deletes user authentication 
information of the client (104) to thus cancel user authentication (S412), and transmits the 
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generated user authentication cancellation complete message to the digital content service 
server (102) (S414). 

The digital content service server (102) generates a service subscription cancellation complete 
5 message according to the user authentication cancellation complete message from the authentication 
server (100) (S418), and transmits the generated service subscription cancellation complete message 
to the client (104) to complete the cancellation of service subscription of the client (104) (S420). 

Next, the process of how the client (104) having completed service subscription receives and 
10 executes a digital content file from the digital content service server (102) is explained, with 
reference to Fig. 5. 

First, the client (104) accesses the digital content service server (102) through the network and logs 
on by inputting ED and password. Then, the client (104) inputs a file request signal for selecting 
1 5 one of a variety of digital content files being provided (S 5 00) . 

The digital content service server (102) compares the ID and the password inputted by the client 
(104) with the relevant information stored in the client information database (106) to decide if the 
service subscription should be done (S502). 

20 

If the client (104) is a service subscriber, the digital content service server (102) generates a file key 
(FKeyl) for encrypting a corresponding digital content file requested by the client (104) (S504). 

That is, the digital content service server (102) performs the multi-stage encryption for the seed key 
25 (Cap ID) and the user information of the client using the twofish algorithm to generate a file 
encryption key (FKeyl ), and it will be explained in detail hereinafter 

First, the digital content service server (102) encrypts the seed key (Cap ID) of the client (104) that 
is stored in the client information database (106) using a second setup key (asUkey) to generate a 
first file encryption key (DasUKeyl). 

30 



At this time, the second setup key (asUkey) may be composed identically with or differently from 
the first setup key (auLKey) given during the generation of the seed key (Cap ID). 

Next, the digital content service server (102) generates, as shown in Eq. 2, a second file encryption 
35 key (UKeyl) which is an initial encryption key for generating the file encryption key (FKeyl), by 
encrypting the digital content service server number (SF_NO), the resident registration number and 
the stream of the seed key (Cap ID) in use of the first file encryption key (DasUKeyl). 

Eq. 2 

40 UKeyl = E D asUKeyi [SP_NO(4) || resident registration number (13) || Cap ID (16)] 

wherein, E stands for the abbreviation for encryption, and the twofish algorithm was adopted as an 
algorithm for encryption, and the numerals in round brackets stand for byte numbers. 

45 Moreover, the digital content service server (102) encrypts a random value of the digital content 
service server (102) in accordance with a predetermined key value (auPKey) and generates a third 
file encryption key (DauFKey 1). 



50 



Here, the random value of the digital content service server is selected at random by a certain 
program and consists of 1 6 bytes. 
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Next, the digital content service server (102) encrypts, as shown in Eq. 3, the second file 
encryption key (UKeyt), a selected digital content file ID and the digital content service server's 
random value using the third file encryption key (DauFKeyl) to generate a file encryption key 
(FKeyl). 

5 

Eq.3 

FKeyl = E DauF Keyi [UKeyl (16) || file_ID (8) || digital content service server random (8)] 

wherein, the numerals in round brackets stand for byte numbers, the digital content service server 
1 0 random value is selected at random by a certain program, and E is the abbreviation for encryption. 

The digital content service server (102) encrypts a digital content file that is requested by the client 
(104) using the file encryption key (FKeyl) that is generated through the multi-stage encryption and 
transmits it to the client (104). 

15 

At this time, the digital content file that is encrypted and transmitted to the client (104) has a header 
with the configuration shown in Fig. 6. 

Referring to Fig. 6, header information of the digital content file includes a digital content service 
20 server number field (600), a file description field (602), a file type field (604), a file ID field (606), 
a client (104) name field (608), a first preliminary flag field (610), a target encryption file's total 
size field (612) , a digital content file's total size field (614) including header, body and extension 
flag, an encrypted file's total size field (616), a checksum field (618) of a target encryption file for 
error detection, a second preliminary flag field (620), a service server random field (622), a file 
25 encryption key verification value (KVC) field (624), a third preliminary flag field (626) and a 
checksum field (628) for error detection of the file header. 

Here, the verification value (KVC) of the file encryption key verification value field (624) is 
generated by encrypting a 16-byte null with the previous file encryption key, and the digital content 
30 service server (102) verifies if the generated file encryption key (FKeyl) is valid by comparing the 
file encryption key (FKeyl) that has been generated for file encryption with the verification value 
(KVC). 

The client (104) downloads a digital content file including a header with the above described 
35 configuration and performs decryption to run the digital content file. 

That is, the client (104) extracts system information to generate a decryption key of the downloaded 
digital content file and transmits a token request signal including the extracted system information. 

40 In addition, the system information is information about the system of a client who requested a 
token and contains kind of CPU, count number, hard disk's page size, etc. 

The authentication server (100) encrypts, as shown in Eq. 4, the service providing server number, 
the resident registration number and the system information transmitted from the client (104) with 
45 the first setup key (auLKey) and generates a first token key (LKeyl), 

Eq, 4 

LKeyl = E au ucey [system information (16)] 



50 wherein, E is the abbreviation for encryption, and the twofish algorithm was adopted as an 
algorithm for encryption, and the numerals in round brackets stand for bytes. 
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The authentication server (100) encrypts a 16-byte random value of the authentication server (100) 
using the generated first token key (LKeyl) and generates a second token key (SLKeyl). At this 
time, the authentication server (100) verifies validity by comparing a verification value that is 
5 generated by encrypting a 16-byte null with a previous second token key with the generated second 
token key (SLKeyl). 

Here, the random value of the authentication server (100) is randomly selected in the authentication 
server (100) through a certain program. 

10 

The authentication server (100) encrypts a 16-byte second file encryption key (UKeyl) that is 
generated with the seed key (Cap ID) of the client (104) using the second token key (SLKeyl) and 
generates a third token key (EncUKeyl). 

15 Here, since the second file encryption key (UKeyl) is generated through the same procedure by the 
digital content service server (102), no detailed explanation will be provided. 

The authentication server (100) transmits, to the client (104), a token that is configured in form of 
[digital content encryption server random (16) j| third token (16)], the addition of a 16-byte 
20 authentication server random value to the third token key (EncUKeyl), 

At this time, the token is downloaded and stored in a storage region of a terminal and may be 
configured to limit the number of downloads of the token. 

25 The client (104) extracts system information of the terminal, encrypts the extracted system 
information with a predetermined key value (auLKey) and generates a first decryption key (LKey2). 

Moreover, the client (104) encrypts a random value in the token with the first decryption key 
(LKey2) and generates a second decryption key (SLKeyl). 

30 

Here, the first decryption key (LKey2) and the second decryption key (SLKey2) that are generated 
by the client (104) are the same as the first token key (LKeyl) and the second token ken (SLKeyl) 
that are generated by the authentication server (100), and their generation procedures are also 
identical with each other. 

35 

The client (104) decrypts a third token key (EncUKeyl) with the second decryption key (SLKey2) 
and generates a third decryption key (UKey2). It is obvious that the third decryption key (UKey2) 
is the same key as the second file encryption key (UKeyl). 

40 Furthermore, the client (104) encrypts the service providing server random extracted from an 
encrypted digital content file header with the third setup key (auFKey) and generates a fourth file 
key (DauFKey). 

At this time, the third setup key (auFKey) may be configured identically with or different from the 
45 first setup key (auLKey) or the second setup key (asUKey). 

The client (104) generates, as shown in Eq. 3, a file decryption key (FKey2) by encrypting the file 
ID extracted from an encrypted digital content file, the digital content service server random, the 
third decryption key (UKey2) and the fourth file key (DauFKey). 

50 

At this time, the client (104) verifies validity by comparing a verification key value in the 
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downloaded digital content file header with the generated file decryption key (FKey2). 

The client (104) uses the generated fine decryption key (FKey2) to decrypt an encrypted digital 
content file and runs the digital content file with a run program. 

5 

Here, it is obvious that the file decryption key (FKey2) is the same as the file encryption key 
(FKey 1) this is for the digital content service server (102) to encrypt a digital content file. 

The following now explains, with reference to Fig. 7, the performance procedure of the digital 
10 content copy prevention apparatus of the present invention with the above described structure. 

Fig. 7 is a flow chart for performing the digital content copy pretention in accordance with the 
present invention. 

15 First, the digital content service server (102) transmits, to the authentication server, a service 
subscription request signal in accordance with user information input, etc., from the client (104) 
who accessed through the network, and the authentication server (100) generates a seed key based 
on the user information and transmits it to the digital content service server (102) (S700). 

20 The digital content service server (102) performs the multi-phase encryption of the seed key (Cap 
ID) to generate a file encryption key (FKeyl) and encrypts a digital content file requested by the 
client (104) with the generated file encryption key (FKeyl) (S702). 

Next, the authentication server (100) transmits a user access key (token) which is generated through 
25 the multi-phase encryption of system information of the client (104) terminal to the client (104) 
(S704). 

Here, the system information is specific information for the client (104) terminal, and the token that 
is generated based on the system information conveys particular features for each client terminal. 

30 

The client (104) uses the token to generate a file decryption key (FKey 2) through encryption and 
decryption and decrypts an encrypted digital content file with the file decryption key (FKey2) 
(S706). 

35 At this time, an algorithm for use in encryption and decryption for generating a seed key a file 
encryption key, a token and a file decryption key is the twofish algorithm. 

In addition, the decrypted digital content file runs by a proper run program that is installed in the 
client (104) terminal. 

40 

The following now explains, with reference to Fig. 8, the file encryption key generation procedure 
during the digital content copy prevention procedure according to the present invention with the 
above described configuration. 

45 Fig. 8 is a flow chart for performing the generation of a file encryption key for digital content file 
encryption. 

The digital content service server (102) encrypts a seed key from the authentication server (100) 
with a predetermined hard coded key value on the cord by a programmer for example to generate a 
50 first file encryption key (DasUKeyl) (S800). 
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Next, it encrypts the seed key, resident registration number of the client (104) and the 
digital content service server number with the first encryption key (DasUKeyl) and generates a 
second file encryption key (UKeyl) (S802). 

5 It generates a third file encryption key (DauFKeyl) by encrypting random value of the digital 
content service server, which is selected at random by a certain program, with the second file 
encryption key(UKeyl)(S804). 

It also encrypts a digital content service server random value that is set at random by a certain 
10 program with the second file encryption key (UKeyl) and generates a file encryption key (FKeyl) 
(S806). 

Next, it compares a file encryption key verification key value (KVC) that is obtained by encrypting 
a null function with a previous file encryption key with the file encryption key (FKeyl) and verifies 
15 if the generated file encryption key (FKeyl) is valid (S808). 

It encrypts a digital content file with the file encryption key (FKeyl) whose validity is verified and 
transmits it to the client (104) (S810). 

20 Here, an algorithm for use in encryption for generating the first through third file encryption keys 
and the file encryption key is the twofish algorithm. 

Moreover, the procedure for generating user access information, that is, token, of Fig. 7 is now 
explained in more detail with reference to accompanying drawings. 

25 

Fig, 9 is a flow chart for performing the generation of user access information with the 
authentication server. 

First, the authentication server (100) encrypts system information from the client (104) with a 
30 predetermined key value (auLKey) to generate a first token key (LKeyl) (S900), and encrypts a 
random value of the authentication server (100) with the generated first token key (LKeyl) to 
generate a second token key (SLKeyl) (S902). 

Next, it encrypts the second file encryption key (UKeyl) that is generated with the seed key (Cap 
35 ID) through the second token key (SLKeyl) and generates a third token key (EncUKeyl) (S904). 

Here, since the second file encryption key (UKeyl) is generated through the same procedure in Fig, 
8, no detailed description will be provided. 

40 The authentication server (100) generates a token in form of the addition of a 16-byte random value 
to the generated third token key (EncUKeyl) and transmits it to the client (104) (S906). 

The decryption procedure of a digital content file encrypted by the client is now explained in detail 
with reference to Fig. 10. 

45 

Fig. 10 is a flow chart for performing the decryption of a digital content file in accordance with the 
present invention. 

The client (104) extracts system information of a terminal and encrypts the extracted system 
50 information with a predetermined key value (auLKey) to generate a first decryption key (LKey2) 
(S1000). 
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Next, it encrypts a random value among the tokens having been transmitted from the authentication 
server (100) and stored in a certain storage region of the terminal with the first decryption key 
(LKey2) and generates a second decryption key (SLKey2) (SI 002). 

5 

It decrypts the third token key (EncUKeyl) among the tokens with the second decryption key 
(SLKey2) to generate a third decryption key (UKey2) (S1004), and determines the validity of the 
third decryption key (UKey2) by comparing the generated third decryption key (UKey2) with a 
verification key value (KVC) (SI 006). 

10 

Here, the verification key value (KVC) is a key value generated through the encryption of a null 
composed of only 4 0 5 bytes with the previous third decryption key (UKey2). 

It encrypts a random value among the tokens with the third decryption key (UKey2) that is 
15 generated from the previous step (SI 004) and generates a fourth decryption key (DauFKey2) 
(S1008). 

Next, it encrypts the third decryption key (UKey2), the file ID, and the random value with the 
fourth decryption key (DauFKey2) to generate a file decryption key (FKey2) (SI 010), and verifies 
20 validity of the file decryption key (FKey2) by comparing it with a verification key value (KVC) of a 
stored digital content file header (S1012). 

It decrypts a digital content file that is encrypted with the valid file decryption key (FKey2) and 
runs the digital content file by a corresponding run program installed in the terminal (S 1014). 

25 

Here, it is obvious that the third decryption key (UKey2) is identical with the second file encryption 
key (FKey 1), and the file decryption key (FKey2) is identical wit the file encryption key (FKey 1). 

Effects of the Invention 

30 

The apparatus and method for preventing copy of digital contents according to the present invention 
generate, through the multi-stage encryption procedure, a file encryption key for encrypting digital 
contents, user access information for downloading a digital content file or for decrypting a 
downloaded digital content file and a file decryption key. 

35 

Therefore, according to the present invention, since the file encryption key, the user access 
information and the file decryption key are generated through the multi-stage encryption procedure, 
decoding those keys is almost impossible so copy of digital content files can be prevented. 

40 Li addition, since the user access information is generated with a key value contained in the system 
information of a terminal, the present invention can also be effective for prevention of copy of 
downloaded content files on the client terminal to another terminal. 



45 (57) What is claimed is: 

1 . A method for preventing copy of digital content files by an authentication server accessed 

to a digital content service server through a network, with the digital content service server 
providing an encrypted digital content file to a client, comprising the steps of: 
50 generating a service subscription key based on user information from the client and 

transmitting it to the digital content service server; and 
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generating a user access key based on system information of the client terminal and 
transmitting it to the client, 

wherein the digital content service server generates a file encryption key through multi- 
stage encryption of the service subscription key to encrypt the digital content files, and 
5 wherein the client generates a file decryption key corresponding to the file encryption key 

through the multi-stage encryption with the user access key and decrypts the encrypted digital 
content files. 

2. The method of claim 1, wherein the step for generating a service subscription key based on 
user information from the client and transmitting it to the digital content service server comprises 
the steps of: 

receiving user information of the client through the digital content service server; 
encrypting the user information and information on the digital content service server 
through a predetermined encryption algorithm to generate the service subscription key; 

storing the user information and the digital content service server and the service 
subscription key; and 

transmitting the service subscription key to the digital content service server. 

3. The method of claim 1 or claim 2, wherein the user information contains resident 
registration number and name information of the client, 

4. The method of claim 2, wherein the information on the digital content service server 
contains number information of the digital content service server. 

5. The method of claim 2, wherein the encryption algorithm is a twofish algorithm. 

6. The method of claim 1, wherein the step for generating a user access key based on system 
information of the client terminal and transmitting it to the client comprises the steps of: 

generating a user access key based on system information of the client terminal and 
transmitting it to the client; 
30 generating a first token key through encryption of the system information by applying a 

predetermined encryption algorithm with a predetermined key value; 

generating a second token key through encryption of a predetermined random value by 
adopting the algorithm with the first token key; 

generating an encryption initial key of the digital content file through encryption of the 
35 service subscription key by adopting the algorithm; 

generating a third token key through encryption of the generated file encryption initial key 
by adopting the algorithm with the second token key; 

generating a user access key by adding the random value to the third token key; and 
transmitting the user access key to the client, 

40 

7. The method of claim 6, wherein the system information contains at least kind of CPU, 
count number and page size information of a hard disk, 

8. The method of claim 6, wherein the encryption algorithm is a twofish algorithm. 

45 

9. A method for preventing copy of digital contents by a client accessed to a digital content 
service server through a network, with the digital content service server receiving a service 
subscription key from a networked authentication server, with the digital content service server 
encrypting the digital content files using a file encryption key that is generated through multi-phase 

50 encryption of the service subscription key, comprising the steps of: 

fransmitting terminal system information of the client to the authentication server; 
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receiving, from the authentication server, a user access key generated based on the 
system information; 

generating, with the user access key, a file decryption key corresponding to the file 
encryption key; and 

5 encrypting the encrypted digital content file with the generated file decryption key, 

wherein the authentication server generates the service subscription key through encryption 
of information on a user who is accessed to the digital content service server and through 
encryption of information on the digital content service server. 

10 10. The method of claim 9, wherein the system information contains at least kind of CPU, 
count number and page size information of a hard disk. 

1 1 . The method of claim 9, wherein the user access key includes a file encryption initial key 
that is generated by encrypting the service subscription key with a predetermined encryption 

1 5 algorithm and the authentication server random value, with the file encryption initial key being 
generated by encrypting user information on the client and information on the digital content 
service server with a first file encryption key that is generated by encrypting the service 
subscription key with a predetermined key value. 

12. The method of claim 9, generating a file decryption key corresponding to the file 
encryption key with the user access key comprises the steps of: 

generating a first file decryption key by encrypting the system information with a 
predetermined first key value; 

generating a second file decryption key by encrypting the authentication server random 
value among the user access keys with the first file decryption key; 

generating a file encryption initial key by decrypting the encrypted file encryption initial 
key among the user access keys with the second file decryption key; 

generating a third file decryption key by encrypting the authentication server random value 
with a predetermined second key value; and 

generating a file decryption key corresponding to the file encryption key by encrypting, 
with the third file decryption key, the file encryption initial key, the digital content file ID, and the 
authentication server random value. 

13. An apparatus for preventing copy of digital content files by an authentication server 
accessed to a digital content service server through a network, with the digital content service server 
providing an encrypted digital content file to a client, comprising: 

a means for generating a service subscription key based on user information from the client 
and transmitting it to the digital content service server; and 

a means for generating a user access key based on system information of the client 
terminal and transmitting it to the client, 

wherein the digital content service server generates a file encryption key through multi- 
stage encryption of the service subscription key to encrypt the digital content files, and 

wherein the client generates a file decryption key corresponding to the file encryption key 
through the multi-stage encryption with the user access key and decrypts the encrypted digital 
content files. 

14. The apparatus of claim 13, wherein the means for generating a service subscription key 
based on user information from the client and transmitting it to the digital content service server 
comprises: 

50 a means for receiving user information of the client through the digital content service 

server; 
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a means for encrypting the user information and information on the digital 
content service server through a predetermined encryption algorithm to generate the service 
subscription key; 

a means for storing the user information and the digital content service server and the 
5 service subscription key; and 

a means for transmitting the service subscription key to the digital content service server. 

15. The apparatus of claim 14, wherein the user information contains resident registration 
number and name information of the client. 

10 

16. The apparatus of claim 14, wherein the information on the digital content service server 
contains number information of the digital content service server, 

17. The apparatus of claim 14, wherein the encryption algorithm is a twofish algorithm. 

15 

18. The apparatus of claim 13, wherein the means for generating a user access key based on 
system information of the client terminal and transmitting it to the client comprises: 

a means for generating a user access key based on system information of the client 
terminal and transmitting it to the client; 
20 a means for generating a first token key through encryption of the system information by 

applying a predetermined encryption algorithm with a predetermined key value; 

a means for generating a second token key through encryption of a predetermined random 
value by adopting the algorithm with the first token key; 

a means for generating an encryption initial key of the digital content file through 
25 encryption of the service subscription key by adopting the algorithm; 

a means for generating a third token key through encryption of the generated file 
encryption initial key by adopting the algorithm with the second token key; 

a means for generating a user access key by adding the random value to the third token 

key; and 

30 a means for transmitting the user access key to the client. 

19. The apparatus of claim 18, wherein the system information contains at least kind of CPU, 
count number and page size information of a hard disk. 

35 20. The apparatus of claim 1 8, wherein the encryption algorithm is a twofish algorithm. 

21. An apparatus for preventing copy of digital contents by a client accessed to a digital 
content service server through a network, with the digital content service server receiving a service 
subscription key from a networked authentication server, with the digital content service server 
40 encrypting the digital content files using a file encryption key that is generated through multi-phase 
encryption of the service subscription key , comprising: 

a means for transmitting terminal system information of the client to the authentication 

server; 

a means for receiving, from the authentication server, a user access key generated based on 
45 the system information; and 

a means for generating, with the user access key, a file decryption key corresponding to the 
file encryption key; 

wherein the authentication server generates the service subscription key through encryption 
of information on a user who is accessed to the digital content service server and through 
50 encryption of information on the digital content service server. 
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Fig.l 

£i# Sfi CHI 0| EH fcH| o[z±r 110: Authentication information database 
5 21 N 100: Authentication server 
NHflH: Network 
gEpojoHe 104: Client 

D l x \ § §1 S ^ij-g A-j H-| 102: Digital content service server 
#BK)[<^ SM c|| o | &| m| o|^i 106: Client information database 
10 CJXIH E||o|ElH||0|^: 108: Digital content database 

Fig. 2 

#Bj-o|ojE : CIient 

D| A| g b[J ^ A-j ; Digital content service server 

15 2l # A-j H-] : Authentication server 

A|-g-Xj- §M gJH^ 200 : Input user information 

A-| H| ^ ^Ji| 202: Request service subscription 

Ahg-Xh S.S 204: Request user authentication 

&&o\\ ll[EL[ m^0\2l^m 21^ A^X|-S §^ 206: Register client as authorized 
20 user according to seed key generation 

A|-g-X|- 21^ CH|A[A[ 208: Generate user authentication subscription complete 

message 

A|=?| °! e!5 Ah§-X|- « £1-^ Dj[A|x| 2# 210: Transmit the seed key and the 
authenticated user registration complete message 
25 a| ^ §- 212: Storing the seed key 

A-ju|^ Sl-S ^[Alxl Ay^ 214: Generate service subscription complete message 

A-| a | ^ s.* SJ--^ 0j| A | A| *H ^ 216: Transmit the service subscription complete message 

Fig. 3 

30 tJ^ whitening: Input whitening 
1 ELh^ : 1 st round 

15 15 th round 

16 &FS^: 16 th round 

whitening: Output whitening 

35 

Fig. 4 

#^rO[e!^: Client 

*l| g A-j bH ; Digital content service server 

^JgA-^ U-f : Authentication server 
40 A|-g-A} §M 400: User information input 

A-fb]^ f|-i=- 402: Service subscription cancellation request 

A i y i— CHY-il &E[ 404: Decision on service subscription 

c:|*IH A^ Hj^ Aj--g-A|- % a|==7| fij^ 406: 

Digital content service server number, user information and seed key input 
45 Aj-^Xj- 21^ 408: User authentication cancellation request 

21^- Afg-Af- Ej-cj- 410: Decision on authenticated user 

Af-g-Aj- ?|:£r 412: User authentication cancellation 

*h&*h 21^ M Dj|A|A| AH^ 414: 

Generating user authentication cancellation complete message 
50 Aj-g-Af- °J~ 416: Completing user authentication cancellation 
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A-| n|| A | X\ 418: Generating service subscription cancellation 

complete message 

M&\— 420: Completing service subscription cancellation 

5 Fig. 5 

#B[-0|ojM: Client 

?d§!^ *Hiir >M bH : Digital content service server 
o| §A-j H-j : Authentication server 

D| x\ |d a @| * H|-^ S.§ 500: Request digital content file 
10 >M ^1 — 0=] 502: Decision on service subscription 

SHS- ^« ^EMI 504: 

Multi-phase encryption of related digital content file 

°J-S:S|-S &@!^ *ISJ# £1^ 506: Transmit encrypted digital content file 

D[ X| g fH g[ ^ n|-<gl xi 508: Store digital content file 
15 A S^lj |S ^4 510: Extract system information 

Aj^gj §fi S^o|| ld^ £g 512: 

Request token following the transmission of system information 
514: Token generation 

JE_-g- 3^ 516: Token transmission 
20 M-CHI cc|-& CjXjS €J@!^ ^S.S^?\ ^£ 518: 

Generate digital content decryption key according to token 

ois§hoi qx|g ^s^w <yiy 520: 

Decrypt digital content file with decryption key and run the file 

25 Fig. 6 

-p-pr: Division 
byte "t 1 : byte numbers 
L H§ (011^1): Content (example) 
j^l-iJ ^ Si : File description 
30 gj-S^l" ^hil-l ID: Target encryption file ID 
A|-gX|- 0| -g- : User name 
0=11 t=J I ^ ^ : Preliminary flag 

g^S^I-fi* Jj|Sj^ I # A|-o|^: Total size of target encryption file 

HeaderHBody+Extension #Aj-0|^ : Total size of HeaderKBody+Extension 
35 gJ-S^I-S ^1-^2-1 # A^Ol^: Total size of encrypted file 

^Sl^th ^1-8=! -I Checksum: Checksum of target encryption file 

AHg-lh ^ ^x°h^ ^S: Version of available smart card 

A-|b|^ AjbH^i sjjg : Random of service server 

FKey?h §^A| ^ojg ^ Key *f£l-g- 

40 Key verification value to verify validity of FKey 

TL[%i m Ci o| ^j-oj § Checksum: Verification checksum of file header 

211: Total 

Fig. 7 

45 A l^j-; start 

X1| g A-lU^ S700: 

Authentication server generates seed key at the request of client's service subscription and transmits 
50 to digital content service server. 
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gh£fi^|# ^^^Oi gJ-SSF S702: 

Digital content service server generates file encryption key through multi-stage encryption with the 
5 seed key to encrypt file. 

£!§A-|iHfc #e|-o[<21eh| A|^gj §fif oi-g^h CpEhTll gj-fittr* a^a^ 
(Ig)f At[^3|-0=j gal-o|^^^ S704: 

10 Authentication server generates user access key through multi-stage encryption with client's system 
information and transmits to client. 

S^l-oieim^ a[^x[ ash?!* o|§*h gj-sai-oii a|^n a^s o|^-uhoi 

*rSl# «^#o)| cl|-e(- S706: 
1 5 Client decrypts file with decryption key generated through encryption with the user access key and 
runs the file. 

End 

Fig. 8 

20 A|*|- ; Start 

A|H^|# njaj -M§a?[0|| g|-aiar*rOl *l[ l*r8l M*r*l ^£ S800: 

Generate 1 st file encryption key by encrypting seed key with predetermined key 

25 M^\ y A|-§XP §fi §y DjX||d ^ilS A^ §Mf M\ 1 M ^2l^!o|| £|*H 

a-£ar»hO| *)] 2 >S£ S802: 

Generate 2 nd encryption key by encrypting seed key, user information and information of digital 
content service server with the 1 st file encryption key 

gj-S^I S804: 

Generate 3 rd file encryption key by encrypting random value of digital content service server with 
the 2 nd file encryption key 

35 H 2 I, s rS! ID ac ^SSiS n 3 Erfl MSr*|o|[ £|*H Maj-o r oj nfW 

MSr?| ^£ S806: 

Generate file encryption key by encrypting 2 nd file encryption key, file ID and random value with 
the 3 rd file encryption key 

40 *r§J M«r?|fi| §^ OiY S808: 

Verify validity of the generated file encryption key 

M*r?|Oll S|*H M»r S810: 

Encrypt digital content file with the file encryption key 

45 

End 

Fig, 9 

A|*h Start 

50 
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gaoled e S «.eio| A]^aj □ j E-i -a^g ?istoi! s|sn gj-SsWi xii 1 

SE?| ^ S900: 

Generate 1 st token key by encrypting system information from client with predetermined key value 

5 MM *ll l s^?|o|| °m ShSSFSftH 'HI 2 S902: 
Generate 2 nd token key by encrypting random value with 1 st token key 

A|^?[§ oissh&i xii 2 m zts-s-wm n\ 2 s.^1011 s|sn ^s.^w n\ 3 

S904: 

10 Generate 3 rd token key by encrypting 2 nd file encryption key in use seed key with the 2 nd token key 

xil 3 M7|o|| ?H@S1# M-E-S 4S^s r ol #e.rO|£MS *j£ S906: 

Generate token by adding random value to the 3 rd token key and transmitting to client 

15 IS: End 

Fig. 10 

A]Sfc Start 

20 A|^aj £M» Q|E.| 7|Stoi| °|SH gj-sShW Xf[ \ &g S1000: 

Encrypt system information with predetermined key value and generate 1 st decryption key 

sh§^§ n\ i ^s:^■3\o\\ 2.\m ^ssfsw *n 2 mss.^ S1002: 

Generate 2 nd decryption key by encrypting random value with the 1 st decryption key 
25 e!S*fuiS*B| X1j 2 ^SS^|0|| °|SH ^-^S^|-Oi *j| 3 «2r?l S1004: 

Generate 3 rd decryption key by decrypting token from authentication server with the 2 nd decryption 
key 

X|| 3 0=|^ S1006: 

30 Ver ily validity of the 3 ld decryption key 

IHg^S a\S\ ?| Stoll °|S|f gj-^Sr^l-Oi X|| 4 ^fSSr^l ^ S1008: 

Generate 4 th decryption key by encrypting random value with predetermined key value 

35 X|j 3 Z-im ID Si ?5@St# X|[ 4 «S|-7|0|| S|t|| MSr*H>l **S.Sr*l 

^■^ S1010: 

Generate file decryption key by encrypting the 3 rd decryption key, file ID and random value with 
the 4 th decryption key 

40 Shii ^£.S[?\3\ S-fer o=| *r£! S1012: 
Verify validity of file the file decryption key 

H|-SJ ^SSr?|0(| o|«H D|X|g ?Hgj^ 4°Jf ^3LS|-So|| EC|-Sh S1014: 
Decrypt digital content file with the file decryption key and run the file 

45 

fg-^: End 
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4"B (FKeylH A <H-ft*r 3H ^iSHI (FKey2)« -S^^M ^ftft 3*1* 3"** 

«>17H, ■& iflr'g^ 3* ^^KFKeyi) ^ai 713 <^j:^- ^ 4Jift# « sflAi ^ael#* Af-g-si-ch 

^■el-^l^iH ^Ji Clio] E-jaflo];?! (106)^ #3l-*lftS(104)5l A>^-75> ^ ffl^ A]H7l (Cap ID)* ^^1^ 
^i^l* ^oiBl^oli(i08)fe 3-^1 ID°fl H-e)- ^Ji7> ^sqs.^ ^3^-. 

£ft. ^ cfl^EimioliCllO)^ #el-< 3 l < iiS(104)5l A-lHli -g-^-71 2-, A^^l (Cap ID)* ^^"ft£^- 

cl^l* ;?Mi Jfl* Ai«i(i02)S.^-el2l cl^lH fl-ft #e|-°l<aB (104)^1 A 1«l^ ^ 

§^iftH(io4)^- ci^m e«a (102)^*1 ^sjfe- ci^i^ 3tt-<a# €*J-^]7i7i ^ft^^i^ 

*lft^-. 

°M, ^^]« S«* €^ isa^s} T+fra^^lwl^*^ 3-^ ^<H1 Xfts]<H ft*S^^^* *>W^^h1^ 
'let thft-s^SM ft^M 4 ai*^r ^s>^. 

^7H, cq?q^ aj^ a^n^^ MP3 i^^H, Bl^oi #^|oH £^ e]^ t«H s H *«1 

#jq-°lfts(i04)^- vflH^a *<H, 41*1^ ^^-i- *«l cl^m S^l* (102)^1 ^^*>3i, a>^^ 

<y^3>^ (ftTfl 200) AiUli -S-^ftcKftTll 202). 
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3j<HE #eH>1<?iJ= (i04)£l id, S ^^"Sai* s% v ?vq-. 

q^lt ^<a* an* *\*\ (102)^ (104)5.^-^1 -a^^t av-i-xv ^a.* ^a. ei mi 01^(10 

6)11 *13-*fca. J3. ^ e3-°l<ae ^ (SL^cr ID) S cl*!* *\*\ *13L (SPJNO) 

♦ <?1^ *\*\ (100)5 ^«-<H] *l-g-*> -o-^-# .2.31 fit} (#3) 204). 

o^H, iJM^ ^ ^«1 «i^(SP_NO)^ 91^ *\#\ (100)11 i-ll H^R 3^ tl^ltg ^31* ^l-g-^tf|7l-^- 

*r7fl ^aflsHb ^11- ^1^71 ^tb ^JiL°H}. 

(100)^ t^ig ^t§* a^ (102)3.^ £.3^ o]^ ^4f^ cq*H Al = ?1 (Cap id) m. ^aj-sm} 

^, II* *\*\ (100)^ lH*^ ^ ^(102)5.^ ^ul^ a-^ sU:(SP 

_NO), ^^l^^i ^ §Sr°l<SH5l ^ 1- ^Jiel^ll ^11 (auLKey)ll 51*11 <&±£& 

a1h?1 (Cap ID)1- ^^^(^^I 206). 

**\7)*\, X| 1 ^?1 (auLKey)^ SS^^Il 5l3fl nl Hi ?]&±S. -g^* =r Si**. 

I 

Cap ID - E«WSPJ10(4) II ^>a-S^-^iS.(13) II #^»lSl= -3>g(30>3 



°l*fl, ^S. #51 3r*Kf ti>o]s (Byte) ^3* M-EHfli, ^ -g^* ?1 &(auLKey)£- ^Sr* 3*11 H^niiJM (p 
rogrammer) §-1) £1*11 °1&| ^Sl^ ^^H, E^r ^Jl^ (Encryption) 51 aWl^r. 

<^7M, ^A] <&JL&1#£- cll<ilE| oj-^^- (Data Encryption Standards)* tfl*H* r 7l 3*11 7l# 
S.^^ (NIST) 1M t-S.tl- ASE (Advanced Encryption Standard) 1W ^ ^ € ItuI^ 

Jf-^Al ^Jiel^-S- 128 HIS (bits) 51 tfl^ <y-J:7HjL. 128^1^., 192«l5. ^ 256 «1M -f-51 9} z3°l# 

7}*H, c|-<8=ft 4i^S?lH ^ *l-H9l|<H5l «^f-11 s^r^ol4. 

SE.€, -¥-3)a1 -S-.il ^31-7151 S 3H «r$r ^a} 7]^S] ->\]2_ §^ isRr 16^f# allfl^ 

^(feistel) D J-^t %JL. <a#^^-11 ^7> aj-°lBll^-f- (whitening)* 7^^. 

<^7lAi, 2|1o]a-^ ^71151 Hi -^{S -box), <gtl-Hli(MDS) S ^°fl 0 l^E| (PHT)# S^-*}-^ ^Mi« 

4. 

ol^ ^ 5-^ jjL^Ai -g-^ ^>3iSh7Hl 4^ ^J:^- 4^* 7fl^^^.s. -a^tbcf. 

€^Tr 4r5l 32 Uj^ i^olxlai, <y ^ sKlefl^ ^l* 47flol ?] ^^^51^ ^^1-. 

16*151 ^s|^^l, zl- al-grHolMfe ^51 ^ 7fl5l ^M*l5l 7^ J f-Sr 0 J g% k ^5| 

SJ^AS. 7.>-g-^cl.. 

g t- 4/1)51 55.0]^ ? j s.^ o]!^ wt-^^ ^^1^, ^1^ -gtllli ISi 5-*VSl-T7 ^M-51 ^1^ ^:7<| 

7} ^€t=K ¥ 7fl5l g *M-5l ^sfir 3l1|ol^els. A>-§-*fo1 StSli, ^ 7fl51 ?l^H7l- D)*B^lnJ-. 

ol ^ 71)51 ^I-sHr nflEl-31 if-elf-fl £H _£.-g-^ ^r<H (^^, n^- ^ s>M-b l«lm S|^* r jl, a ^11 ^ 5 

ol^_ cf^ Ale) ^tt41* 3«fl7.i ^ w>?l jl. ^Tfl <^|^ p>xi^ sqaj ^741^r bV¥*1 S> 

cHs.sl<H^l^. 
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(lOO)fe- Hj-iV *3h-gr ^r*S*Hr ^sa)^^ ^afl 41 ^« a^j (Cap ID) 4J- a]~§-a}- Si* 

«S DflAl^* (#3] 208) cl^l^ ^ (102)3. ^^^4(^1 210). 

^3. A^(io2)fe {100)3,^$ AlH?l(CapID)l- ^B^lSiH ^il ^l^mM ^(106)^1 

^■ft ^(^:7ll 212). <q*]± ^ ^i*}^ O&tI) 214) S^M^ (104)°1l7ll ^^(^l 216). 

°H,£ 4* t^l <SH (104)3 «H& 

^*1, S^1^S(104)7> AR.*} ^a. ^. 5 Jfl^H* °J^*1-J1(^^ 400), *\*]^ ^l 

clxl^ ^ll*^iH{102)S 31**40** 402). 

c]x]^ X]^- a^ (I02)xr #Bj-^l^iS.(104)S^-Bl21 ^fl-S^ifli ^ WSM'tiS ^2. cll°l&NH 

^(106)^11 ^=8-S]«H Sife- «3HS1E ^« ffClol^E ( 104 )7V ^^-^°]7-l-g- ^^(^1 404). 

#^1^(104)71- jquj i -g-^V^l ^-fr. cj*]^ *fl? AlBl(l02)xr €3H>l*iS(104)9 Sfl^ Al^?l(CapI 

D)* all* a^ iflJ:(SP_NO). S (Cap ID)* *\vi\ (ioo)S. 

^c]] 145}- (^7^) 406) Al~§-*1- t!# ^^0*71 408). 

A^rf| (ioo)c- 3*1 t 4* -*1*H (102)5.^3 A^g-7;} ji^j:^ 44 ^ 

(110)1- ««* o lSiH(104)7> 4*4<?1a1# ^^4(^1 410). 

#eH>lsis(io4)7> A^>o) ^.f ^ (ioo)fe- ^4*1 ^{104)3 ■*■}-%■*} 3s.* 44 4 

*4 ■?!* *fl*Kapa-Jfl| 412). A^f 33. £ S d||a1^s ^^11 a]tH (102)5. 
3i*f!r40*741 414). 

tlAlli 7fl * A-ltf) (102)^ <?1^ A^ (100)3.^^3 Al-g-^1- «1M*W tcj-fif ^s. ^i-t ^ 

a TflAl^S. ^A^^jt (^] 418), AiHli %tS. nflAl^l» #3l-ol?iH(104) o l|^ 4^ =^ 
*l<SiS(104) 3 T-iwl^ ^s. ^^7} ^€4(^:741 420). 

c>H, A^wiA, ^01 fta^ #£M<a;e (io4)7> cq^i^ ^^1* M*\ (102)5.-¥-^3 Jf-a* ^I*^ 
?iAj, #5)-ol?iH(i04)fe- iflH-fla* **B ^Ai^ e«a ^1? a^(io2)«H] ^^*t^m^ saA,^H<a^ *°11 14 

^4 -T- aii^si^ T=H?*t cj^i^ ^^i* 34<a ^ 3>i+# ai^^ ^-<a Aij:* <a^«t|.(Ta-7fl 

500). 

tjAl^ ^^li 7%^ A]tf| (102) #ef-°l^iS(104)S.^E-j <y^sl^ ID 3l S^ltlH ^fi. cflfltlflllol^ 

(106)-H1 a]^-S|<H Si^ ^flt- 'Si^- «1 JE^-H 4^ Ai^l^ ^s. ***t!K*fl 502). 

«S)-Ol^(104)7l- AjBli ^-^>0] ClA|^ ^1^1* a||^ A^Wl (102)^ 9iS (104) 7} ^« Sfl^ ^^1^ 

^Efli ^-JL^71 (FKeyl)* ^^tb4(^^I 504). 

^. clA)^ a^hI (102)-b 5jq--S ^-3L3?-?1 (FKeyl) -fl^* fl^fl X|=yl (Cap ID) #^<»l«m5l A>^> ^ 

& Jf3<|Al #J1B1#«H1 4^:711 ^-iSH- ^sl-^tfl. °1» ^1*1 -S^^ 4-§-^ 

cj^, xilAl^ ^ a| ij| (102)tt *e^°l^iH ^IS. isfl °1 Bl tifl <>1 ^(loe) 0 !! ^^"H Sit #efo]<yH(104)3 ^| 

^ a]'^?! (Cap ID)» m 9] (asUkey)-i: tfiSHM 4^ 4|1 4^ (DasUKeyl)!" ^^t!r4. 
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<44), 412 &&9} (asUkey)^ *|H*1 (Cap ID) 4ll (auLKey)^ *<ti*K&# ^ 3 >1 1+ S£fe ^3.41 

tMS* * 

<4<4, S^l* 41* ^^{102)fe *r*H1 Z«HH4 ^€ 411 ^Jl^l (DasUKeyl)* 0 l-§-*W ^ 

5fl* ^Hl SLSL(SPJMO). t^*^H}J: H *1H?1 (Cap ID)2} ^S^-§: ^JL^-SV^ s^J ^JlS^l (FKey 
1) fl« ^71 tf£SM*l 412 (UKeyl)* "Stt^-. 

^-«1 -4| 2 

UKeyl = E DasUKey i [SP_NO (4) I! ^*l^-Sl±L (13) II Cap ID (16) ] 

St!", 41 -g- (I02)fe "lei ?1 &(auPKey)4l 41* ^ »1 (102)51 ^"gSt 

* ^JlJI-SM 413 ty<a <&2.Q7] (DauFKeyl)# 

<s\7]*\, c1^1€ A-jH^ HS-a^MI ^flS. 16«M^S. ^=14. 

»H, c^lH ^Sfl^ 41? (102)ir 34H4J- 41 2 ^Jl^l (UKeyl), t^lli 3^ 

^ ID U 41* *\»\ ^3Mr 413 sq-'S ■y-Ss^l (DauFKeyl)t- °1~§-«W ^^-Hl ^ ^r 0 d 

?1 (FKeyl)* ^SH*. 

4 3 

FKeyl = E DauFKeyl [UKeyl (16) II ^°a_ID(8) II t\z]% 41* *\*\ ^ (8)] 

W\. ^fc^ H^e ^.fl > 3^1 ^ *11* A) i^j <a=3 SS.ZL^^1 51*11 WflS ^€ 3JH 

cl^m 41* Altf| (102)^ 4^4151 tfiSfr* *«fl 3h-a ^-ifl-^l (FKeyl)41 ^1 «B #^W*1H(104)S 

3*1^ £€3: sHJ-S- «^-»l«lS (104) -HI 41 3*th}. 

«H. tf£3^°l (104)4141 3*3 3^ £ 641 JE.^^. ^3 ^3 a. 

£ 6* ^^1^ ^"t* s|-^£l sflc-1 =8 jit t^TS S^ls 41* -M»1 ifiS. ^H(600), ^ ^=(602). 

^■S Bj-<a ^^(604), sf-'a ID ^=(606). ^e^l<aS(104) «H(608), 41 1 <4«1 ^^(flag) ^H(610), 
^* ^J^l # A^ls ^^(612), ^ ^-=3- ^^1* 4^-^51 # A>ols ^= (614), 

3(-<as| # Al-c-l 2; ^=(616), ^*-ir flft <£J.£Ht 4lH^ (checksum) ^H(618), 412 °flul 

«JE(620), *\v] ^ ^^(622), ^"S ^ial^l ^-°Ji]t(KVC) ^^(624). 4|3 <$v] ^H(626) 

^ 3)-<a ^1^51 41E^ « 413^ ^^(628)S 



<^7H, ^-3L3^1 fl^l?£t €H (624)^1 «Htft(KVC)& 16 B>o]Eei| ^(Null)* °]#$ <&$-fy?W 5l*fl <y- 

jl^h j a j 9sife-'fl. ^^2: 41* *\*\ (io2)fe sfl-ft •a-aifl* -a-aifl-?] (FK ey i)^ 

CKVC)* HlSL^-41 n^sl- a|a|^ 4^ <£5-&?] (FKeyl)5l ^ <^^-# ^<yttcf. 

SeHgE (io4) fe- «>4 ^"i" Stt ^]cl7> c1^1€ t^s.^ *>ji ( ^111^ 
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^. #^l?iM(104^ t^SU^ 3)-<a^ ^-Jl3?-7l *$<>§-gr %is}°l 5gi# ^*S>JL, *1 

2.tb, Ali^ =$iLfe- ^sM'dm Al^^o] 7}^l^ ^JiS^, CPU^l 71]^ S ^^^3.5] 

^tH(lOO)^ ^r^H iA*\$- ^1, l-e^l^S (104)5.-^ A^l^ ^ A-^ hIJ:, ^^.s.^ ^ 

^ ^Jll- 31 1 ^7l&(auLKey)<i "g-JSLSj-SM 31 1 (LKeyl )■* ^^^4. 

-t -h-! 4 

LKeyl = E auLK ey W^fl 3iL(16)] 

^71*1, E ^ ^S^Sl <y-J:si* ^sfl Aj-g-^ <a-jic]#^- UjIbI^H. ^S-QS] ^xRe hI-oih* q- 

(100)tr ^« 311 (LK e yl)» *]--§-*M 16^1 = ^ <J1^ (100) G^S* 312 5 

(SLKeyl)l- ^ tfth oj- ^ ( 10 0)*r 16«WS2| ^(Null)-i: al33 312 S^H ^1 ®B ^^^l 

51*11 ^H3« iSt34 312 Se?] (SLKeyl)* «1 J5L«-<H1 ^ ^ ^-f-* 

(100)fr 31 2 (SLKeyl)l: «l-8-*H geM <am (104)3 (Cap ID)«H| 16 H }°lSSl 

31 2 sq-'S ^J-JlSl-S'l (UKeyl)* ^s^H 31 3 £€-?l (EncUKeyl)* 

W, 31 2 ^3l-H(UKeyl)^ ^« 31^ (102) ^ s^o] #-a«>H.S ZL-H1 tfl* ^1 

*W (100)fe 313 Ef 1 ?! (EncUKeylH 16«>*1S^I ^St* -¥-7>* [^1* ^iffl* «M « 

^(16) ii^3se(i6)] s<naTMi*se* s^l'SHf^ow ^tm. 

#sM<dH(104)TT ^^7121 ^jif- ^#*>jl, ^-#^1 ^a.* "le| AJ^^ ^^KauLKey)^ ^Sfl 

S).*><^ ^ll (LKey2)» ^-^tb^. 

a«, #5l- <: 'ltiM(104)^ 1? vfleq ^"g^:* Xll (LKey2)<^l *±fl-*H4 ^12 ^±3^1 (SLKey2)* 

«^7H, §^»1 ^5(104)011 51^11 -^Sfe ^fll ^^-71 (LKey2) ^ A2 (SLKey2)fe- a^ (100) «M 

-i-^Sl^r ^11 M^7l (LKeyl) ^ sfl2 E^l (SLKey 1 ) -21- ^^VjI, ^-^S 

#^o|^E (10 4)fe- »|3 (EncUKeyl)* ^2 ^^-71 (SLKey2)°ll S]tfl ^-^£>^H ^13 4^^7l (UKey2)l- 

•M*^-. °H, ^13 431*71 (UKey2)^- ^2 4°^ ^ v S*7l (UKeyl)^ 

Et, #^1915. (104) fe- ^J:*^ ^*]% ^-^ *l|tl^.JfEl A^Hl A^ ^ ^^-i- ^13 ^^7l (auF 

Key)°fl 5lSfl ^^Sl-^ *514 ^^71 (DauFKey)* 

6 14, 313 ^^71 (auFKey)Tr Al (auLKey) 312 7l {asUKey)5l- -^^^711 t^J^^^- ^ * 
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(104)fe <r^M 3^S\- <£3LQ& ^S.^] ^#^[ Jfl-H ID, ^*1H *i 

«i «^ % m (UKey2)« *1l4 (DauFKey) ^ 3*11 tf:S3MMI nfHj- ^S.^] (FKey2)S 

ojicfl, #al-o|^E (104)^ 3-3:3. ^€ 3*1 « Ifl-H 313 tflS| ^-<51-§-?l Si;3}- (FKey2)lr 

^MSH (104)fc- sh<a ^X^M (FKey2)» «l-§-«H 3*1U 3f-°J# €^ HS 

h«b«i 3*11 ^^i* ah^-a- -a^^i €3. 

o^H, 3^-^ ^-xs^l (FKey2)^r 3*1H (102)°1H 3*l«a H-iS}-* 3-H 

CFKeyl)^ *°J%NSr 

<=>]£[ Qe) tMJ^«H ^ U-^H 14* 331 ^Hl «o V 3 ^T*S ^* S- 7* #2*H "M^H! 

3*3 £3. 

E7^^ 4*3*1 33 1 * ^1 ^1* ^3"3 flft #3.4- 7+S°13. 

33H (102)£r i|B^3t **fl 3^r€ #33 £3.(104) 3.^3 3 =SJi 3 

^- 33^ ^ x\$_^ a-|^s. 3**1- jL, 33 (100) 3-S-3- 3iL3l 4f 3H3* JfMJ*M 33H 

=3** 33 (102)3. 3l*t!:3(S700). 

33€ 33 (102)^ 3H3 (Cap ID)* 33:31 "a-i^M 31} (FKeyl)* 

3ih<a <y-;£3i|-3(FKeyl)3| 3*« #33 (104) 3.^3 33U s|-<S* ■?Ke::£l-^:3(S702). 

33, <?1^ Aial(ioO)^ #3-3<33:(104) ^7lSl 3^19 ^iL-f- tb&n] <g-;£$-*>3 3-§-3 ^3 

#33 "HS. (104)3. #*«3-(S704). 

333, a1^h4 ^e]-ol<as(104) 3-^3 1£3 7>3fe ji^ 3_5L3 ^ jgjg^ ^aj-o] 

<dm5l ^^71^3 s^-^ 43.;g-§- ^14. 

S-«q-«TaS(104)fe- I?* <>1*«M S ^-Jl^-ofl £!«fl ^1-^ (FKey2)l- ^^«|-al, -fi^^ ^S. 

^l(FKey2)^l £]3fl ^^1* ^"i* l^i**^ (S706) . 

45.41-^ 3^1* 3)-^ #e|-ol^H(104) ^*1e)<H afl^ HS.ZL^<i 3*R 

3^1^ ^€2: ^^g- Airf| (102)^ 91^ (100)S^Sl -S^^ ^, ^S.H2fl^ -i-^ 3*11 3E^i 

*1-S-*M ^11 (DasUKeyl)* ^3^t!:4(S800). 

^1H?1, #Bl-*l^S.(104)3 ^^-^A ^ 3^11 ^1*1 ^1 ^h°a (DasUKeyl) 

"II Sl^ ^-JlSj-sM *1|2 SHU UJt^l (UKeyl)* ^• j a«^-(S802). 
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H=8 3*11 ^$3- *§^€ cj^l* *\}& *\*\ ^&-§- ^2 3"^ ^SL^n (UKeylH 3*li <y-J:3}- 

*}°=l *)13 ^Sl-^CDauFKeyDl- ^ A ^cf(S804). 

^12 2l<ti °J-^Sl-7l (UKeyl). "AS (104) S.-?- 3 t^lH ID ^ €^3** 0 J-J:3J- 

7l(DauFKeylH 3*H °^3}-3>^ ^ <$s.ty?] (FKeyl ) « >M tM"(S806). 

«H, ^(Nuii) zya -a-jus^n 3^ smess-sw apj ^<y.-§- ?i&(kvc)3 3<s u- 

(FKeyl)* UlSLSM ^€ 3"°J oj-J:^?! (FKeyl)3 ^-<?l«r^(S808). 

^av <*) «- 7 > «KL^ sj-<y 3-Jrsj-7l (FKeyl ) °11 3*fl 3*1 spy* #3-<>l <?iS (104)S ^*tt3( 

S810). 

<^7H, ^1 ^13 34-<a -y-jLtM ^ 311 ^J^l *3^# 3tt "S^SM °l-§-3^r itaLell^ J?-33 

3. 

J£ 9^r 3«H 3ft 3-§-3 ^ft fl-H* ^r*333 4] ft #S+ 3^33. 

^3. (100)tt §33 (104) 3.^33 ^jl* 33 <g3€ 3&(auLKeyH 3*1) 3:5:333 ^ 

1 (LKeyl)* ^3^(S900), *l]l S-g-3 (LKeyl)3 3*11 3^ 33 (100)3 3J:33-3 

32 (SLKeyl)* *33ft3(S902). 

°13. (Cap ID)» 3-§-33 ^ 2 3°J 33u33 (UKeyl)« 32 Se3 (SLKeyl)3 33 3s333 3 

3 S.e7l (EncUKeyl)* ^§ ^ tb3(S904) . 

c^7H, 32 3°i ^*7l (UKeyl)^r £ 8333 *3ft 3^3 33 ^MS|£1 333: 33333. 33. 

3^ 33 (lOO)-fer ^ A ^€ 33 S^7l (EncUKeyl)3 1633S3 ^^5t^r *8313 E&l: ^^^><H #^1^ 

^(104)3. 3*-t!-T}(S906). 

S ej.o1^e^] cq-^- ov^^ ul^lsi ^-^SJ- £. 10* % V S*V<^ -a^^. 

£ 10-&- ^- ^ ^4^3 ^r^^l 41 #S+ 

#^ t 'l'aS(104)fe- ^^7|51 Ali^ ^Ji# ^#-3r>Jl, ^t-€ ^l^^l ^Ji* -S^^ 7-1 ^ (auLKey) <H1 3^(1 
2(-*><^ JfJll ^^71 (LKey2)» tb^(SlOOO). 

ol<H,yf = (100)S.^ ^^l^ ^713 ^-^oil ^^S)^ Si^r ^ m 4J:^t-7l (LKe 

y2)>Hl ^^><=i ^12 ^3LSl-7l(SLK e y2)l- ^1^^(51002). 

S.^ ^ >113 S^7l (EncUKeyl)l- *)]2 ^Jlsl-71 (SLKey2)<Hl ^-3lSt-^ *l]3 ^-^Sl-71 (UKey2)# -^^^(S 
1004), 7m(KVC)3q- ^s§& 7%3 ^S.^] (UKey2)» Hli2.«-»fl ^ ^3 ^-5.^-71 (UKey2)3 ^ 

^t!:^(S1006). 

<^7lAq, sj-ol-g- 7l5t(KVC)^r 2-^- 4 0 1H7> ■0--2-S. ^€ ^(NuU)* ^]3 ^-3:31-71 (UKey2)<Hl £|SB ^JlSl- 

413 ^"^1 (S1004)°fl^l *113 ^3}-7l (UKey2)°H 3«« ^ ^^St-i: ^ v ^-*l-^ ^14 (DauFKey 

2)1- ^^^^(SIOOS). 
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»1<H, (UKey2), shU ID ?J *&^&ig- AA *tX&9\ (DauFKey2)4| S}*H #J:3NM 4£3M (FK 

ey2)» -S^^CSIOIO), ^*S)<»| 5U£r ^^11 ^ 3H1-&. ?l?]t(KVC)4 Hl:az.*H *U ( 

FKey2)3 SHlft4(S1012). 

^7]- S^-ft^ 3^-<a (FKey2)4| 3*11 fliSW 4*1H ^^!* s^a* ^-Sfl-^ja. ft£7H ^ft 

-a^ Hla^i ^sfl 441 ^SlS 4<a* -*l^ft4(sioi4). 

0171*1, 4|3 ^3L5\-9] (UKey2)^r 412 (FKeyl)^ -^H^, ^SJ-t'I CFK ey 2)^ 4<ti tf:fc39*l ( 

FKeyl)-b 

"i^ -l -H-4 

£ 13-1341 tj*l*| jg^A a.^ ^| ^-sq 5i t|*H3 ^sls-ir tf£$-«l-7l 3ft ^ ^J^l, 4*1* ^€ 

^ bi-oj^ ^^^,4 ft^nft 44H ^a^A ^3i3Hfr7i 3ft ai-§-^> ^ft ^a. ^ 4-<a ^au^i 

* ft ft 413 4^1- *«l ^ftft. 

-S- 4^ ^>-§-^V ^ft =8Ji. Si 4±^7)7} ftft4|£l ftjr ft -fl-S^HS f) 

$ *7v&*m c^ifi ^-asi ^# «^q« ^ saft. 

£.ft, ft-§-4 ftft 3 £.71- tQV7]SH Sftftlr ?1#41 3*fl fl^j^SS, ^bWSIH^ ft«7H ft£3J= 

^M* sm-fr 4€- ft^7is<q 4411- ft4* ^ aife JLfts 514. 

(57) 4) •? 3 
I. 

ms^at *«H 441 ^tH«H| 3*r3*? ft* ^1*!: 441 ^<a* 3-41 t4 ftH 

44^ 4i* ^Hfe- <&$-n& 44« ^>a* 4-11-t- #44ftHs. 4i*ft -«n sa^-H. 

*; 

^"71 SSM«aS ^71^ A]^al ^ ^tt?l« >9^*M 4 v 7l #**Rr it 1 "*} 

41-71 ^^1 * x(i* Aj. 7 ] Aiaii -1-^11- i+^-Tii tJ-iaM sift 4*a *is*-?l* ^-S^M A J-7i tjxi^ 
Aj-71 #et-o)^E^ -$.71 a>4-^ =aft?H 5jft tq-ft^i -S-JiShl- ig-n 4>7l ^ ^JiSh?Hl -^-S-*>tt sF-a 43:Sl-7l« 

*ti -a-i^ 4^1^ ^^is sf<a-ir 5* 3tt 4^i€ ^-^1 

*^ 

2. 

41 l»H 

-y-71 l-^l-aHS.^^] ^^.<=fl 4-5- ^H]^ ^?l* ^^^H A o V 7l nl*Ha ^i^A ^|^. ^^ol^- ft 

Aj-71 #el-ol^ESj AV§-^> Jglt^. 4>7j Cl^l^ 41* -H^-S 11^^ ftTfl; 



- 11 - 



^2002 -0063659 



#7| # #7l C|*]^ <U=83 <&JlSh #aie1#ofl S]«fl oJ-Jr^isM -#?1 ^Uli 

*7i s #71 q^i^ ^ jg-71 ^#*Rr ^n-, 

-#7] -^H]^ #7l q*lt iS^U* ^ S**>^ ^ 

# a«-*K=- <Jl^ si tb c^l* ^^!* JM ^1 

3. 

•#7l AV-§-^> #j;Ur #71 #^l<aM5l ^^Sli: 9i ^"g #Ji» S^Vfe- 31* 5f-#£-S ^}£r ^ *luH Sift 
^i^l* 4*1) W 1 S"a. 

^t 1 * 4. 

*fl2^1 5ft "H-*!. 

<#7l t^lt *0-g- ^tH ^iL^r #?1 c-l 7-1 U *jl-g- Altf| igs ^ ill S^sfe ^-1: ^J2.S. "51^ ^ 

H^ofl 3ft c^ifi 34* ^1 "8-3*1 W 

5. 

»12%H1 3l«H*l. 

■#7l <y-3:Sl- -a-jiel^ Jp-sH (twofish) ^-aiel#^4- ^-2-3. tsRr AM*fl Si* t\X\% *r*i t 

^T 1 * 6. 

a> 7 ] #e)-ololE ^^71^1 Al^^ JgJiofl nJ-S. A>^> ^t-7]t -^^*><H -#71 #5H>l<£;e S ^SKf ^741^- 

#71 ai^sj nisi ?i^i 331 <y^^ ^-jisi- 6 iJi5l#-i: ^-g-sM <&:Sl3!W1 ^ m S&71* ^ 

-#7l ^jlBl^-i- 7-1-g-^l-c^ ^li S-g-^H 31*1) <a^3l -3fl^&-g: #Jr3HHl «W ^2 S€-7l# -^-sKr 

#71 tJie|#^r ol-g-^HH AV71 -*\*]^ -§^1* ^^Hl £133 -#71 ti*m ^^J* "#3::^ 2:7l7l» "3#s"Hb 

^tb7l# ^^l^HS- 3j.*-=Hr ^741 
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1- 2L«-*Rr 91* ^ ^ 

7. 

^te^l &<H*1, 

-*7l a]^ ^jife 3)<H.E CPU3 7fl^ $ ^Ji* i^SHr SRr «1 

* -HtfM 3* x^^l^ sfi^I* ^M] fj-^l U-'fl. 

8. 

-y-^l #513* *JflX| cy-j^aoj-g. *>fe <il^*lHW3«:Cl*l«Sl!* ^1 ^ 

^T 1 ^ 9. 

*i|S*|H.* **fl rqxl^ ^i^^ A|q«| ^.o^e^ o)^ sj-^oj ^ ig-ig .^- 7 ] t\ 

5- ^71 A^i^ ^s.7i5i ci-^i -a-j:^-^ s\n sf-°j °i-§-«m 
-s-71 a>^-7> ^^7i on ^si] ft£#7i«i *8-*fe ^isw* -f^aR? ft*: 

-#71 A^fe Aj.71 ^^|^ ^ a>^i-^ j± si -#7] c}*«i ^^ia ^ a^ ^^.«q tf± 

3H1 #71 a|h1a. ^Aj-3-^. m^ijs^ *l-ir t^l^oll c^ig 4a.* tg-^. 

10. 

All 9*«fl Sft'H'M, 

#71 AliU ^SL^r 3j<H£ CPU3 ^fl-. *^ 5! JflM*l Sfl-^fr ^i=- 

£l^r cj*H slzIi U^. 

11. 

*I9SMI SSl^-H. 

AJ71 AV-g-^f ^«:7lfe A] H] A- ^S-71-ft <a^31 ^-ifl- -a-^el^ °l-g-*H >9^€ 4^ ^ V 3L*1- 3:7171 ^ ^7] o)^ 
A^ 
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#71 q^q. s7l?lfe #71 ?1 it* °l-§-«H «Kf ^« *i *l-<y #3: 

fl^H 5]sJl #?i ^oj^Ecj xy-gr?.} ^ #7l cixin ^ ^^.s #jl3HM -S-^* ^Sls. 
^e^l^lM 3ft #>3. 

12. 

#7l A}-g-*> 2l*fl #7l SfU ^5^-71^1 #-§-ft^ 3*<& ^-±^-71* ^«Kr ^Tfli? 

#7l Ali^l ^jl^ nlal *U 7l3H 3*11 tfS^SH *)U =H1 Jt-Jt*yl* -S^Rr 'SrTfl; 

#7l a>-§.^} ^ #71 a^ sfiigst* ^ii 3H-<y 4J:ft?H «-ia^*HH ^"fl ^Wll- fl-lM-fc 
ft*l; 

#7l A]-g-x> ^ft?i § #7l q}-J:3}-€ 4^ s7i?n- #7j ^2 ^ 4^ft7Hl 5l*H ^ 

i7l7l# ^^«>fe- ft Til ; 

#71 ft=^ ^St* "13 -l^ft *82 ?1M ^l^-sM U-sSl-^Hl 3-3 *)l3 4^ ^^1* -^sKr ft 31; 

#71 ^13 ^ ^^?hi #71 ^-<a ^j-ifl- ^7i?i, #71 shi id ^ #71 a^ # 

♦ 3L«*K? t^l?lEi 3ft 33« #3 #H. 

^T 1 * 13. 

tflS^a.* 33* ftfts ^ ^3^r ft^ 33°fl 3ft 33*8 3^3 4*11 U <M #3 -#3 

33^ ^"ts i^xi^ 3\-<a-t #3-3 <a^. *n?-ft -°ii 5U33, 

#71 ^3-33J=2.-¥-33 A>^> ^i£ofl a)--g. ^71* ^3"3 #3 33* 3|* ^^S. S**Ne ^ 

ft; 

#71 S-eMftS ft^7l3 a]^^ ic|s Al-g-^V ^^7l* ^^*t<H #7l ^el-ol^^S. ^**>^ i't"S> 

tq^}^ ^1^1 A ^1^ A-iUl^ #7] AfHl^ ^?l-t Cf^Tfl #313H1 S^i ^^*><H #7l 

#7l gsKi^M-b #7l #^-^> ^fi^H sift cj-ft^l #5:^-« #71 #-§-«l-^- ^--a 4^*3 » 

^^•H #71 -a-ia^ 3^1* 31-11* ^i* -aVfe ^1 #^1 #*1. 

14. 

^13#^1 51 <H^. 

#71 *3<si «as.5.-¥-Ei £i a>4-^> ^a.^ -HHii ^7l» #71 t3*i "ti ^1^ ^tfl-s. €*ft^ -r 1 

#71 ge)- 0 !'?!^ #-8-ti> ^Jil- #71 q^l^ ^1^- a^I- ^-sfl °1 ^ «> t ^3:; 
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^.7] AV-g.^. jgji ^ tiki's sfl4* >0* -M^sl ^js.* U^si <g-iS|- «tjLBi#«| -SM xjiJli 

♦ a«-*H=- t^lS -^1 

15. 

#7l AV-g-^> ^ji^ -y-71 l-e^l^Eo} ^-3.^ g ^ ^-i: r^lfl ^^li ^-^ 

16. 

A o v 7l t^l^ fl^a *fl? *w =g^.ir ^-71 SiJ: a^SHfe- *Rr 

4M1 ^1 =g-*l. 

^T 1 ^- 17. 

#7l «B-3L3q- ^-slAj (twoflsh) £3131 ^-S- oItt ^lH ^<t* ^1 H <M #*]. 

Ut 1 * 18. 
*13lH SH-M, 

#71 #eff]*iH ^7] 51 A^Efl ^a.efl Eif^ A>^-xV iift^ll- #7j l-af-olole^ ^^s>^ 

j#7] ^jl* p1 el -M^^l ?lst<Hl oq^fl ^^51 Uraiel^-i: a?-§-*M ^^%^1 ^1 S€-7l» -<3^ 

#71 °iJLBl#^r >M-**H *f|l S^7H| £)Sf| <fi^5l ^ft* <£5l5|-#«fl ^ ^12 *S^*Rr 4^; 

#7l ^Jl^-flr #7l J}^ i7l7l» #7] *fl2 £€-7H 51^1 *|3 S^7l» ^ 

*Hr 

#7l m S5?H #7l «^St* Jf7>«M ^«t7ll- *S^*Hr ^ tj-. 

#7l A>-g-X> #7l ^-el-ol^E^. ^#B>^ ^ 
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* cHU S«* #*1 #*1. 
19. 

* 18**1 5ft<H*l. 

#7l ^ife- aj<H£. CPU 3 7fl^ Si -§1-3^^3-5] Sflo^l aH5 3jiL# 3# Sf-cr ^ 

^ ^€2, 4^1 U-'S. 

^t 1 * 20. 

*fll8#*>fl $1*1*1. 

#71 <a-*g- t-Ji^#^ <£;aels*J* f^'AS *Rr ^1^11 ^) HM #*1. 

^■T 1 * 21. 

i*£fla* «-«H t|*|« e^L* teH?lS°il 3*1^1 a*A 4*1 #*1 -#7l 3 

^lH ifl^aL* ^€ *4^ >|tf|S.^ ^nl^ #sr?l-i- >fl**jt. #71 qxuft ^ 

* #71 Ai«ii #^.?151 xq-^l <g-:£3M 51«B 3h<a flASM* *l-§-*M #71 c|^l^ ^i^s ^"U-i: 

#7] #71 #sf^l<?l-S ^7] °1 Al^ ^ a.* ^-t-*Hr- 

#7i Ai^<a 3*2- *fl o)«i #7i aw2.*bi <y^^ 

#71 #-g-*} ^tt7Hl sun #71 #J:^7H *3^*Rr ^ 

■a- a^si, 

#71 AJ-71 *|¥ $4^8 #-g-7+3 ^ #71 Cl^l^ ^ a-S) ^J-Jl 

sq-*U 3*H #71 ^Bli ^fl-fr ^^s. «fe ci^l* 4*11 #*1 #*1. 
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